Vigil@nce: Solaris TE, privilege elevation via CDE
October 2009 by Vigil@nce
When Solaris Trusted Extensions are enabled, a local attacker can
use the Common Desktop Environment (CDE) to execute commands with
root privileges.
– Severity: 2/4
– Consequences: administrator access/rights
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 24/09/2009
IMPACTED PRODUCTS
– OpenSolaris
– Sun Solaris
DESCRIPTION OF THE VULNERABILITY
The Common Desktop Environment (CDE) graphical environment provides
a Style Manager.
When Solaris Trusted Extensions are enabled, a local attacker can
use the Style Manager to execute commands with root privileges.
Technical details are unknown.
CHARACTERISTICS
– Identifiers: 267488, 6849135, 6867559, BID-36510, VIGILANCE-VUL-9046
– URL: http://vigilance.fr/vulnerability/Solaris-TE-privilege-elevation-via-CDE-9046